Brex is the intelligent finance platform that enables companies to spend smarter and move faster in more than 200 markets. As a Senior Application Security Engineer, you will focus on identifying and responding to security vulnerabilities across the Brex platform, performing code and design reviews, and conducting penetration testing.
Responsibilities:
- Identify vulnerabilities, demonstrate business impact, and articulate the risk of specific vulnerabilities to drive prioritization efforts
- Perform penetration testing and design reviews, looking for vulnerabilities and insecure designs, and work with engineering and product to design secure product features
- Maintain and build internal tools to automate security efforts, perform SAST and DAST testing of the Brex platform, and support secure development practices
- Build and contribute to a culture of collaborative security excellence through technical leadership, learning sessions, and mentorship within the team and wider organization
Requirements:
- 5+ years of work experience in an Application Security or related role
- Ability to find vulnerabilities in complex systems, demonstrating business impact through custom attack chains
- Experience with a wide range of secure development activities, including threat modeling, developer education, and incident response
- Knowledge of Python, scripting languages, and AI/agentic workflows to automate tasks, build tools and improve productivity
- Collaborative mindset paired with strong written and verbal communication skills
- Proficiency with Kotlin, gRPC, GraphQL, Kubernetes
- Previous experience as a software engineer
- Consultancy experience performing web application security reviews
- Experience with securing distributed systems in AWS and cloud environments
- Experience with pentesting and securing agentic features and systems
- Contributions to the wider technical community: open source, public research, mentorship, community organizing, blogging, CVEs, presentations, etc.
- Experience submitting to bug bounty programs or responsible disclosure programs